Heimdal
article featured image

Contents:

A new phishing-as-a-service platform by the name of Caffeine has just made it easier for threat actors to engage in attacks.

An open registration process allows anyone to set up an account, buy a monthly subscription, and start their own phishing campaigns.

 Main Caffeine log in screen – Source

What Does PaaS Mean Exactly

As we know, software as a service or briefly SaaS is a business model that provides access to applications over the internet or cloud, and it comes as an alternative to buying and installing software locally. However, it wasn`t long before this principle surfaced among threat actors, in the shape of malware as a Service (MaaS) or ransomware-as-a-Service (RaaS).

Phishing-as-a-service is different from traditional phishing kits, which are sold as one-time payments to gain access to packaged files with ready-to-use email templates. PaaS is subscription-based and follows a software-as-a-service model, while also expanding on the capabilities to include built-in site hosting, email delivery, and credential theft, according to The Hacker News.

What Makes Caffeine Dangerous

Mandiant`s cybersecurity analysts first discovered Caffeine after investigating a large-scale phishing campaign aimed at Microsoft 365 account credentials.

This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing campaigns.

Source

One aspect that makes Caffeine different from other PaaS platforms, is that it does not require invites or referrals. Its open registration process allows anyone with an email to access their services, for a monthly subscription ranging between $250 a month (Basic), $450 for three months (Professional), or $850 for a six-month license (Enterprise).

Another distinction between Caffeine and most PaaS is that its phishing templates target Russian and Chinese platforms, whereas the latter tend to focus on Western services.

Some of the advanced features offered by Caffeine include:

  • Mechanisms to customize dynamic URL schemas.
  • First-stage campaign redirect pages and final lure pages.
  • IP blocklisting options for geo-blocking, CIDR range-based blocking, etc.

Source

As per The Hacker News` article, it seems the ultimate goal of the phishing campaign is to facilitate the theft of Microsoft 365 credentials. However, based on customer demand, additional login page formats could be introduced in the future.

If you liked this article, follow us on LinkedInTwitterFacebookYouTube, and Instagram for more cybersecurity news and topics.

Author Profile

Mihaela Popa

COMMUNICATIONS & PR OFFICER

Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE